Have you heard about Flare’s CTF: Capture the Threats? We created this game so players can further sharpen their skills in exploring the darker corners of the cyber world to stop malicious actors.
The game includes four categories: credential leaks, illicit markets (dark web and social media), open web (GitHub, paste, and buckets), and IP/domain, with 12 challenges total. To explain the importance of monitoring these areas, we’ll provide more information on the categories. You may even find something helpful for a challenge…
Haven’t played yet? Don’t worry, it’s not too late to start the game! With the background knowledge behind these areas to monitor, you’ll have a better understanding of why you’re navigating the Flare platform to hunt for these threats.
1. Credential Leaks
The dark web has over 10 billion stolen credentials. Imagine the amount of time it takes for security teams to efficiently monitor those that are relevant to their organization.
With Flare, a leading Managed Security Services Provider (MSSP) covering Europe and North America not only reduced its dark web monitoring time by 97.3% but also expanded the areas of the dark web it covers.
A Senior Security Specialist with this MSSP shared, “What used to take about 1500 hours to complete can now be done in one week.”
A Little Hint for CTF
Read this Threat Spotlight on leaked credentials in case you’re stuck on a challenge in this category.
2. Illicit Markets: Dark Web/Social Media
Credential leaks can contribute to devastating data breaches.
Identifying and containing a data breach inside an organization takes 287 days on average (almost a year!). In the U.S., the current title holder for the highest cost of data breaches in the world, the average cost of a data breach is $9.44 million.
Strong security infrastructure and training are safety nets for human error. These are necessary because human error is responsible for a majority of data breaches.
One of our customers found an infected company device on the Genesis Market (an illicit market on the clear web) for only $100, which could’ve caused thousands or even millions of dollars worth of damage if it had been found later. Infected devices hold a wealth of information that malicious actors can use to virtually sneak into corporate environments. Fortunately, a Red Teamer obtained access to the infected device and contained the incident before any threat actor could get into the employee’s corporate mailbox that included personal information and documents with sensitive information.
3. Open Web (GitHub/Paste/Buckets)
The open or clear web isn’t immune to being a source for threat actors to find sensitive leaked information.
GitHub, paste sites, leaky buckets, and more, can be areas of accidental data disclosure. Threat actors can find proprietary data from misconfigured cloud buckets, leaked secrets in public GitHub repos, and data disclosure from paste sites.
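The kind of check a team can run over its own public repositories, paste captures or bucket listings before a threat actor does, as an added example (this is not Flare's code or a description of the Flare platform): fixed-format token patterns catch issuer-prefixed credentials, and a name-plus-entropy heuristic catches generic secret assignments while skipping placeholders. The sample file is constructed; the AWS values are the publicly documented AWS example credentials, and the GitHub token is made up and was never issued.

```python
"""Scan text for leaked secrets: known-token patterns plus an entropy heuristic."""
import math
import re
from dataclasses import dataclass

# Constructed sample of a config file accidentally committed to a public repo.
# The AWS values are AWS's own documented example credentials; the GitHub
# token is invented for this example and has never been issued.
SAMPLE_REPO_FILE = """\
# deploy/config.env (constructed sample for this example)
APP_NAME=payments-service
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
GITHUB_TOKEN=ghp_aB3dE6gH9jK2mN5pQ8sT1vW4xZ7aB0cD3eF6
LOG_LEVEL=info
db_password=correct-horse-battery
"""


@dataclass(frozen=True)
class Finding:
    kind: str       # which rule fired
    line_no: int    # 1-based line in the scanned text
    value: str      # the matched credential (redact before logging in production)
    entropy: float  # Shannon entropy in bits per character, useful for triage


# Fixed-format tokens: the issuer's prefix makes these near-zero false positive.
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic assignments whose *name* suggests a credential; the value is then
# judged by length, a placeholder blocklist and entropy.
NAMED_SECRET = re.compile(
    r"^\s*(?:export\s+)?([A-Za-z_]*(?:secret|password|passwd|token|key)[A-Za-z_]*)"
    r"\s*[=:]\s*[\"']?([^\"'\s]+)",
    re.IGNORECASE,
)
PLACEHOLDER = re.compile(r"^(?:changeme|xxx+|<[^>]*>|\$\{[^}]*\}|\*+)$", re.IGNORECASE)
MIN_LEN = 8
MIN_ENTROPY = 3.0  # bits/char; random tokens score 4+, English-like strings around 3


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical symbol distribution of s."""
    if not s:
        return 0.0
    n = len(s)
    counts = {c: s.count(c) for c in set(s)}
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def find_secrets(text: str) -> list:
    """Return a Finding for every credential-looking value in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        seen_values = set()
        for kind, pattern in TOKEN_PATTERNS.items():
            for m in pattern.finditer(line):
                token = m.group(0)
                findings.append(Finding(kind, line_no, token, shannon_entropy(token)))
                seen_values.add(token)
        m = NAMED_SECRET.match(line)
        if not m:
            continue
        value = m.group(2)
        # Skip what a specific rule already reported, short values and placeholders.
        if value in seen_values or len(value) < MIN_LEN or PLACEHOLDER.match(value):
            continue
        ent = shannon_entropy(value)
        if ent >= MIN_ENTROPY:
            findings.append(Finding("named_secret", line_no, value, ent))
    return findings


if __name__ == "__main__":
    for f in find_secrets(SAMPLE_REPO_FILE):
        print(f"line {f.line_no}: {f.kind} (entropy {f.entropy:.2f}) {f.value[:6]}...")
```

The entropy threshold is the weak spot: a human-chosen passphrase such as the sample's `db_password` scores only slightly above 3 bits per character, which is why the rule keys on the variable name first and uses entropy only to discard obvious placeholders and short values. In a real pipeline the same function would run over every commit diff and paste capture, with findings routed to an alert rather than printed.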
A major North American bank had a former employee post sensitive information publicly on GitHub. Fortunately, a Flare alert notified the security team, so they were able to act and contain the incident within 30 minutes. Previously, a similar incident would have required a task force of six analysts, managers, and directors to assemble in a war room for seven hours.
The CTI Director stated, “Whereas other solutions would present us with thousands of potential leaks which were impossible to work with for our small team, Flare was the only one that could successfully filter and prioritize data leaks with their 5-point scoring system.”
4. Domain Monitoring
Have you ever seen a suspicious email that looks like it comes from a reputable company, but on closer inspection the domain ends in .co instead of .com? It was likely part of a spear phishing campaign: threat actors register domains that closely resemble an organization's and create email accounts on them to trick people.
Registering variants of the original domain (.co, .io, .net, etc.) is an option, but it can be expensive and time consuming since there are thousands of top-level domains.
Domain monitoring can automatically detect and send an alert when someone registers a domain that looks a lot like your organization's name. This helps you stay vigilant against spear phishing campaigns and other costly cyberattacks (Business Email Compromise, a common spear phishing tactic, caused over $43 billion in losses globally from mid-2016 to 2021).
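What the detection side of domain monitoring looks like, as an added example rather than Flare's code or a description of how the Flare platform scores domains: each newly registered domain is compared to the brand's domain using a TLD-swap check, homoglyph and hyphen normalisation, an edit-distance bound, and a brand-embedded check. The brand domain `acmebank.com` and the registration feed are constructed for the example, and the domain splitting assumes a single-label TLD (a real deployment would consult the Public Suffix List).

```python
"""Flag newly registered domains that resemble a brand's domain."""
from typing import Optional

BRAND_DOMAIN = "acmebank.com"  # constructed brand for this example

# Constructed stand-in for a newly-registered-domains feed.
NEW_REGISTRATIONS = [
    "acmebank.co",         # same name, swapped TLD
    "acme-bank.com",       # hyphen inserted
    "acmebnak.com",        # two letters transposed
    "acrnebank.com",       # "rn" mimics "m"
    "acmebank-login.com",  # brand name plus a lure word
    "acmebanks.com",       # one letter added
    "acmebank.com",        # the brand itself, must not alert
    "bakery-acme.net",     # shares a fragment but is not a lookalike
    "weather-today.org",   # unrelated
]

# Visually confusable sequences, normalised before comparison. Multi-character
# entries go first so "rn" becomes "m" before single characters are mapped.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("-", "")]


def split_domain(domain: str) -> tuple:
    """Return (registrable label, tld). Assumes a single-label TLD; a real
    deployment would consult the Public Suffix List for cases like .co.uk."""
    label, _, tld = domain.lower().rstrip(".").rpartition(".")
    return label, tld


def normalise(label: str) -> str:
    """Map confusable sequences to the character they imitate and drop hyphens."""
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(candidate: str, brand: str = BRAND_DOMAIN) -> Optional[str]:
    """Return why candidate resembles brand, or None if it does not."""
    label, tld = split_domain(candidate)
    brand_label, brand_tld = split_domain(brand)
    if (label, tld) == (brand_label, brand_tld):
        return None  # the genuine domain
    if label == brand_label:
        return "tld_swap"
    if normalise(label) == brand_label:
        return "lookalike_label"
    if osa_distance(label, brand_label) <= 1:
        return "edit_distance"
    if brand_label in label:
        return "brand_embedded"
    return None


def scan_feed(feed, brand: str = BRAND_DOMAIN) -> list:
    """Return (domain, reason) for every feed entry that resembles the brand."""
    return [(d, reason) for d in feed if (reason := classify(d, brand))]


if __name__ == "__main__":
    for domain, reason in scan_feed(NEW_REGISTRATIONS):
        print(f"ALERT {domain}: {reason}")
```

The edit-distance bound of 1 is deliberately conservative for an eight-character label; longer brand names can tolerate 2 without drowning analysts in noise, and a production monitor would add keyboard-adjacency substitutions and a check on whether the domain resolves or serves a login page before raising priority.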
Let’s Play CTF
Do you now have a better understanding of what the CTF mission covers? Are you ready to embark on this adventure of stopping threat actors in different corners of the internet? Play CTF: Capture the Threats today!